charm-haproxy

  1. Bug #2040130
  2. Activity log

Activity log for bug #2040130

Date Who What changed Old value New value Message
2023-10-23 06:35:53 Erik Lönroth bug added bug
2023-10-23 06:35:53 Erik Lönroth attachment added Screenshot from 2023-10-23 08-24-42.png https://bugs.launchpad.net/bugs/2040130/+attachment/5712396/+files/Screenshot%20from%202023-10-23%2008-24-42.png
2023-10-23 06:38:09 Erik Lönroth description I was relating a haproxy:reverseproxy to the "juju-controller:swebsite" charm. (See attached image) The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit. I was expecting the haproxy to be able to add those units as part of the config. # Below the haprxy - There is shows that there are three units of the juju-controller. juju show-unit haproxy/0 haproxy/0: machine: "3" opened-ports: - 80/tcp - 443/tcp - 10000/tcp public-address: 13.51.194.141 charm: ch:amd64/focal/haproxy-75 leader: true life: alive relation-info: - relation-id: 1 endpoint: peer related-endpoint: peer application-data: {} local-unit: in-scope: true data: egress-subnets: 172.31.37.29/32 ingress-address: 172.31.37.29 private-address: 172.31.37.29 - relation-id: 2 endpoint: reverseproxy related-endpoint: website application-data: {} related-units: juju-controller/0: in-scope: true data: egress-subnets: 172.31.19.33/32 hostname: 172.31.19.33 ingress-address: 172.31.19.33 port: "17070" private-address: 172.31.19.33 juju-controller/1: in-scope: true data: egress-subnets: 172.31.39.110/32 ingress-address: 172.31.39.110 private-address: 172.31.39.110 juju-controller/2: in-scope: true data: egress-subnets: 172.31.8.39/32 ingress-address: 172.31.8.39 private-address: 172.31.8.39 # Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3. frontend haproxy-0-443 bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3 default_backend app-controller mode http backend app-controller mode http balance leastconn option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol http-check expect status 101 server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check I was relating a haproxy:reverseproxy to the "juju-controller:swebsite" charm to achieve a ssl-termination for a juju controller setup in high-availability with three units. (See attached image) # The problem The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit. The other two units are not added to the config. # Below the single haproxy unit - This shows that there are three units of the juju-controller. juju show-unit haproxy/0 haproxy/0:   machine: "3"   opened-ports:   - 80/tcp   - 443/tcp   - 10000/tcp   public-address: 13.51.194.141   charm: ch:amd64/focal/haproxy-75   leader: true   life: alive   relation-info:   - relation-id: 1     endpoint: peer     related-endpoint: peer     application-data: {}     local-unit:       in-scope: true       data:         egress-subnets: 172.31.37.29/32         ingress-address: 172.31.37.29         private-address: 172.31.37.29   - relation-id: 2     endpoint: reverseproxy     related-endpoint: website     application-data: {}     related-units:       juju-controller/0:         in-scope: true         data:           egress-subnets: 172.31.19.33/32           hostname: 172.31.19.33           ingress-address: 172.31.19.33           port: "17070"           private-address: 172.31.19.33       juju-controller/1:         in-scope: true         data:           egress-subnets: 172.31.39.110/32           ingress-address: 172.31.39.110           private-address: 172.31.39.110       juju-controller/2:         in-scope: true         data:           egress-subnets: 172.31.8.39/32           ingress-address: 172.31.8.39           private-address: 172.31.8.39 # Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3. frontend haproxy-0-443     bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3     default_backend app-controller     mode http backend app-controller     mode http     balance leastconn     option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol     http-check expect status 101     server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check
2023-10-23 17:15:29 Erik Lönroth description I was relating a haproxy:reverseproxy to the "juju-controller:swebsite" charm to achieve a ssl-termination for a juju controller setup in high-availability with three units. (See attached image) # The problem The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit. The other two units are not added to the config. # Below the single haproxy unit - This shows that there are three units of the juju-controller. juju show-unit haproxy/0 haproxy/0:   machine: "3"   opened-ports:   - 80/tcp   - 443/tcp   - 10000/tcp   public-address: 13.51.194.141   charm: ch:amd64/focal/haproxy-75   leader: true   life: alive   relation-info:   - relation-id: 1     endpoint: peer     related-endpoint: peer     application-data: {}     local-unit:       in-scope: true       data:         egress-subnets: 172.31.37.29/32         ingress-address: 172.31.37.29         private-address: 172.31.37.29   - relation-id: 2     endpoint: reverseproxy     related-endpoint: website     application-data: {}     related-units:       juju-controller/0:         in-scope: true         data:           egress-subnets: 172.31.19.33/32           hostname: 172.31.19.33           ingress-address: 172.31.19.33           port: "17070"           private-address: 172.31.19.33       juju-controller/1:         in-scope: true         data:           egress-subnets: 172.31.39.110/32           ingress-address: 172.31.39.110           private-address: 172.31.39.110       juju-controller/2:         in-scope: true         data:           egress-subnets: 172.31.8.39/32           ingress-address: 172.31.8.39           private-address: 172.31.8.39 # Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3. frontend haproxy-0-443     bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3     default_backend app-controller     mode http backend app-controller     mode http     balance leastconn     option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol     http-check expect status 101     server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check I was relating a haproxy:reverseproxy to the "juju-controller:website" charm to achieve a ssl-termination for a juju controller setup in high-availability with three units. (See attached image) # The problem The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit. The other two units are not added to the config. # Below the single haproxy unit - This shows that there are three units of the juju-controller. juju show-unit haproxy/0 haproxy/0:   machine: "3"   opened-ports:   - 80/tcp   - 443/tcp   - 10000/tcp   public-address: 13.51.194.141   charm: ch:amd64/focal/haproxy-75   leader: true   life: alive   relation-info:   - relation-id: 1     endpoint: peer     related-endpoint: peer     application-data: {}     local-unit:       in-scope: true       data:         egress-subnets: 172.31.37.29/32         ingress-address: 172.31.37.29         private-address: 172.31.37.29   - relation-id: 2     endpoint: reverseproxy     related-endpoint: website     application-data: {}     related-units:       juju-controller/0:         in-scope: true         data:           egress-subnets: 172.31.19.33/32           hostname: 172.31.19.33           ingress-address: 172.31.19.33           port: "17070"           private-address: 172.31.19.33       juju-controller/1:         in-scope: true         data:           egress-subnets: 172.31.39.110/32           ingress-address: 172.31.39.110           private-address: 172.31.39.110       juju-controller/2:         in-scope: true         data:           egress-subnets: 172.31.8.39/32           ingress-address: 172.31.8.39           private-address: 172.31.8.39 # Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3. frontend haproxy-0-443     bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3     default_backend app-controller     mode http backend app-controller     mode http     balance leastconn     option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol     http-check expect status 101     server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check